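The error is thrown when the IdP is trying to contact the STS: the
"PKIX path validation failed ... signature check failed" cause at the bottom of
the trace means the TLS client could not verify the STS's certificate against
the certificates it trusts. Have you updated the IdP TLS configuration in
webapps/fediz-idp/WEB-INF/applicationContext.xml?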
<!-- Client-side TLS settings for outbound HTTPS calls made through CXF HTTP conduits.
     The name pattern "*.http-conduit" matches every conduit, so these settings are global. -->
<http:conduit name="*.http-conduit">
<!-- disableCNCheck="true" skips the check that the name in the server certificate matches
     the host in the HTTPS URL. With it set, any certificate that chains to the truststore
     below is accepted for any host. Keep it only for the localhost sample certificates;
     set it to "false" once the server has a certificate issued for its real host name. -->
<http:tlsClientParameters
disableCNCheck="true">
<!-- Truststore: the certificates this client accepts when validating the server's chain.
     Loaded as a classpath resource. -->
<sec:trustManagers>
<sec:keyStore type="jks" password="ispass"
resource="idp-ssl-trust.jks" />
</sec:trustManagers>
<!-- Keystore: the client's own private key and certificate, offered when the server asks
     for a client certificate. Loaded as a classpath resource.
     NOTE(review): the store and key passwords are inline in plain text and look like sample
     values (confirm). For a real deployment, replace them along with the keystores and
     restrict read access to this file. -->
<sec:keyManagers keyPassword="tompass">
<sec:keyStore type="jks" password="tompass"
resource="idp-ssl-key.jks"/>
</sec:keyManagers>
</http:tlsClientParameters>
</http:conduit>
Colm.
On Tue, Aug 25, 2015 at 6:32 PM, tazouxme <[email protected]> wrote:
> Hi Colm,
>
> So I tried with delivered IDP/STS. Here is another Exception
>
> org.apache.cxf.service.factory.ServiceConstructionException: Failed to
> create service.
> at
> org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:87)
> at
>
> org.apache.cxf.ws.security.trust.AbstractSTSClient.createClient(AbstractSTSClient.java:646)
> at
>
> org.apache.cxf.ws.security.trust.AbstractSTSClient.issue(AbstractSTSClient.java:728)
> at
>
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:61)
> at
>
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:55)
> at
>
> org.apache.cxf.ws.security.trust.STSClient.requestSecurityToken(STSClient.java:51)
> at
>
> com.tazouxme.security.saml.idp.authentication.provider.STSUPAuthenticationProvider.handleUsernamePassword(STSUPAuthenticationProvider.java:74)
> at
>
> com.tazouxme.security.saml.idp.authentication.provider.STSUPAuthenticationProvider.authenticate(STSUPAuthenticationProvider.java:59)
> at
>
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167)
> at
>
> org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192)
> at
>
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:177)
> at
>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> at
>
> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> at
>
> org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:96)
> at
>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> at
>
> org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
> at
>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> at
>
> org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
> at
>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> at
>
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> at
>
> com.tazouxme.security.saml.idp.STSPortFilter.doFilter(STSPortFilter.java:56)
> at
>
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> at
>
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
> at
>
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
> at
>
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
> at
>
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
>
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)
> at
>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
>
> org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:151)
> at
>
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
> at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
> at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
> at
>
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
> at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
> at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
> at
>
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
> at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
> at
>
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
> at
>
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
> at
>
> org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:223)
> at
>
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1517)
> at
>
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1474)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
> Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> Source)
> at
>
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Unknown Source)
> Caused by: javax.wsdl.WSDLException: WSDLException: faultCode=PARSER_ERROR:
> Problem parsing
> '
> https://localhost:9443/tazouxme-security-saml-sts/REALMA/STSServiceTransportUT?wsdl'
> .:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path validation failed:
> java.security.cert.CertPathValidatorException: signature check failed
> at
> com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2198)
> at
> com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2390)
> at
> com.ibm.wsdl.xml.WSDLReaderImpl.readWSDL(WSDLReaderImpl.java:2422)
> at
>
> org.apache.cxf.wsdl11.WSDLManagerImpl.loadDefinition(WSDLManagerImpl.java:231)
> at
>
> org.apache.cxf.wsdl11.WSDLManagerImpl.getDefinition(WSDLManagerImpl.java:163)
> at
> org.apache.cxf.wsdl11.WSDLServiceFactory.<init>(WSDLServiceFactory.java:85)
> ... 58 more
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path validation failed:
> java.security.cert.CertPathValidatorException: signature check failed
> at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown
> Source)
> at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> at sun.security.ssl.Handshaker.process_record(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source)
> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source)
> at
>
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown
> Source)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
> Source)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
> Source)
> at
>
> com.sun.org.apache.xerces.internal.impl.XMLEntityManager.setupCurrentEntity(Unknown
> Source)
> at
>
> com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(Unknown
> Source)
> at
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown
> Source)
> at
> com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown
> Source)
> at
> com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown
> Source)
> at
> com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown
> Source)
> at
> com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown
> Source)
> at
> com.ibm.wsdl.xml.WSDLReaderImpl.getDocument(WSDLReaderImpl.java:2188)
> ... 63 more
> Caused by: sun.security.validator.ValidatorException: PKIX path validation
> failed: java.security.cert.CertPathValidatorException: signature check
> failed
> at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown
> Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown
> Source)
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> ... 84 more
> Caused by: java.security.cert.CertPathValidatorException: signature check
> failed
> at
> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown
> Source)
> at
> sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown
> Source)
> at
> sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown
> Source)
> at
> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown
> Source)
> at java.security.cert.CertPathValidator.validate(Unknown Source)
> ... 90 more
> Caused by: java.security.SignatureException: Signature does not match.
> at sun.security.x509.X509CertImpl.verify(Unknown Source)
> at
> sun.security.provider.certpath.BasicChecker.verifySignature(Unknown
> Source)
> at sun.security.provider.certpath.BasicChecker.check(Unknown
> Source)
> ... 95 more
>
> Joël
>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com